Merge pull request #2602 from edsiper/crt-symlink

x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00 · 2022-08-03 13:05:29 +02:00 · b3edc1576c
commit b3edc1576c
parent 07e7fe516b fa40b02da3
2 changed files with 22 additions and 2 deletions
--- a/ChangeLog.d/x509-broken-symlink-handling.txt
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@ -0,0 +1,5 @@
+Bugfix
+   * Fix handling of broken symlinks when loading certificates using
+     mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+     broken link is encountered, skip the broken link and continue parsing
+     other certificate files. Contributed by Eduardo Silva in #2602.
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -82,6 +82,7 @@
 #else
 #include <dirent.h>
 #endif /* __MBED__ */
+#include <errno.h>
 #endif /* !_WIN32 || EFIX64 || EFI32 */
 #endif

@ -1658,8 +1659,22 @@ cleanup:
        }
        else if( stat( entry_name, &sb ) == -1 )
        {
-            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
-            goto cleanup;
+            if( errno == ENOENT )
+            {
+                /* Broken symbolic link - ignore this entry.
+                    stat(2) will return this error for either (a) a dangling
+                    symlink or (b) a missing file.
+                    Given that we have just obtained the filename from readdir,
+                    assume that it does exist and therefore treat this as a
+                    dangling symlink. */
+                continue;
+            }
+            else
+            {
+                /* Some other file error; report the error. */
+                ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+                goto cleanup;
+            }
        }

        if( !S_ISREG( sb.st_mode ) )